Risk Management

The first stage of the risk identification begins the developments of a firm specific risk tree with the collection of all risks affecting the company targets and. The following illustration outlines example of a risk categorization:
Technological risks (business risks)

• Knowledge deficit: Is your enterprise strongly pending from the technological change?
• Does the danger of the “obsolescence” of the knowledge exist?
• Are there new processes in production?
• Are the downtimes how high?
• Is the production process susceptible to system crashes?

etc.

Achievement-economical risks (business risks)

• Procurement side: Does a dependence exist opposite few suppliers (single sourcing)?
• Are there substitution possibilities on the procurement side?
• Do they have problems with quality fluctuations with the input factors?
• Do they have problems with quality fluctuations with the output factors?
• Is the error frequency how high? Does it come due to wrong planning/vote frequently to extensions of deadline of projects/orders?
• Do you work process orientated?
• How does the vote between the individual functions take place?
• Research and development: Is the enterprise strengthens a technological change suspended (for example IT industry)?

etc.

Financialeconomical risks (business risks)

• Are the demand losses how high?
• Are the agreed upon dates of payment kept by the customers?
• Are liquid means/collateral present to sufficient extent?
• Are Finanzierungspielräume present?
• Does their enterprise derivatives financial instruments begin?
• Does your enterprise depend strongly on varying market prices?

etc.

Corporate Governance (business risks)

• Do you have problems with the procurement of qualified personnel?
• Are the fluctuation rates how high?
• Do they have a location disadvantage?
• Do they observe motivation and integrity gaps in the enterprise?
• Is time absent/disease days how high per annum?
• Do they have a team culture in the enterprise?
• How would you characterize the style of leadership in the enterprise? (More autocratically, authoritarian, bureaucratic ones, democratic ones, formal one, cooperative, laissez-faire, Liberalisti, Patriarchali, charismatic style of leadership)
• Try the strengths and the weaknesses of the organisational culture regarding customer, coworker, innovative, quality, to specify result and achievement orientation.
• Would you regard the organisational culture of your enterprise as “autopilot” for the implicit steering of the coworkers?

etc.

Social risks (business risks)

• Was the enterprise already confronted with trade restrictions?
• Exist does the danger of a strike/a riot in the company (addresses abroad?) /Sabotage/terrorism?
• Are cases of unfaithfulness/negligent behavior well-known with you?

etc.

Natural occurences (external risks)

• Do you have an address/a manufacturing plant in an earthquake-endangered area?
• Do you have an address/a manufacturing plant in an flooding-endangered area?
• Do you have an address/a manufacturing plant in an storm-endangered/hurricane-endanger area?

etc.

Social risks (external risks)

• Do they know cases of break-down theft/robbery in your enterprise?
• Does the danger of sabotage exist?

etc.

Political risks (external risks)

• Do you have an address/a manufacturing plant in a theater of war/war-endanger area?
• Is the enterprise subject to frequent changes of the legal sets of rules and regulations?
• Does the danger of nationalizations exist?
• Does the danger of a putsch exist?

etc.

Technical risks (external risks)

• Does a increased fire risk (high fire load) exist?
• Does a increased explosion risk exist?
• Does a bottleneck factor in your production (machine etc.) exist?
• Does a increased collapse risk exist?
• Have do you increases transport damages?

etc.

Personal risks (external risks)

• How many compulsorily notifiable (BG) accidents registered you per annum?
• Are there caused deaths by accident?

etc.

Alternative risk categorization
External risks

• Natural occurences
• Political changes
• Social changes
• Shifts of the market/new markets
• Legal developments
• Economic developments
• Supervision-legal changes
• Shifts of the branch trends
• Technical changes

Operational risks

• Logistics/selling
• IT security
• Humanly ressources
• Environmental risks
• Contract risks
• Project risks
• Customer satisfaction
• Quality
• “Health and Safety”/industrial safety
• Criminal actions
• Supplier
• Price strategy
• Customer perspective (loyalty etc.)
• Production development
• Mark value
• Production risks
• run cycle management
• Financial risks
• Liquidity
• Credit rating/debtor management
• Credit risk
• Investment control and - planning
• Taxes
• Derivatives
• Kapitalumschlag
• Company pension scheme
• Financing control/- planning

etc.

Strategic risks

• Market shares
• Mergers and Acquisitions
• Joint venture
• Resource allocation
• Humanly Capital
• Capacities
• Structure and sequence organization
• Alliances
• Crisis communication and - management

Risks, which were not identified and were not analyzed, cannot be steered

A key place in the entire Risk management process takes the risk price increase and - control. Products or economic activities given up with the goal of avoiding the associated risks then one speaks of risk avoidance. If risks are reduced by separating of enterprise functions, by regional or subject-related dispersion and/or by technical or organizational measures (e.g. comprehensive fire protection concept), then one speaks of risk reduction.

During the risk financing it concerns the question, to what extent risks are externalisiert (for example against the payment of an insurance premium) and/or which risks by the enterprise to be carried.

If the risk analysis is not accomplished insufficiently or, then a large portion of the total risk could be hidden with the “not identified risks”, so that also the use of the risk price increase and - control of smaller value is.

Risks avoid

If an enterprise decides to give or adapt determined activities up because of to high risk potentials, then one speaks of of risk avoidance.

Example: A manufacturer of electronic control units for passenger car does not decide to sell due to the high product liability risk in the future its products any longer on the US-American market.

Also the adjustment of the process cycles (for example in the production process) can contribute to the avoidance of risks. Example: In a lacquer route to a more pollution free lacquer finish procedure is changed over, in order to avoid so the environmental and image risk.

Another way risks to avoid is the misalignment of parts of the enterprise into other countries, in which for example the environmental legislation or industrial safety legislation is differently arranged. Here however possibly a higher image risk must be taken in purchase.

Risks decrease

An enterprise decides to laminate risks on third (however not insurers) to obtain within the enterprise a compensation of risks or by technical and organizational took someone’s measurements for damage to prevent speaks in such a way one of reduction of damage.

Risks can be externalisiert on other restaurant economics through:

Adhesion agreements and guarantee regulations in general trading conditions

Outsourcing of enterprise functions (for example Facility/buildings management, EDP functions, Factoring/demand introduction, logistics

Leasing contracts for production machines, EDP

Within a company risks can - if they are from each other independent - regionally, subject-related or personal are strewn. If the bespielsweise production of memory chips is distributed on three regionally from each other separated production units, then the risk of an operating interrupt or a total failure is reduced by fire.

Also by product diversification the market risk can be reduced (subject-related dispersion).

In particular the technical and organizational took someone’s measurements for Risikominderung within the ranges:

Fire protection

Environmental protection

Industrial safety and security (Health and Safety)

Protection of the infrastructure ranges (energy, water supply etc.)

Measures against third-party risks

Protection against procurement, development, production, sale and liability risks

Protection of the EDP processes

Protection against confidence damage (suppression, unfaithfulness, theft, fraud etc.)

Protection against computer abuse and information discharge (industrial espionage)

Protection against break-down theft

Factory protection force

Transport lock

should be particularly considered by enterprises.

Risks financiers

During the risk financing the question is treated, to what extent risks are externalisiert on third (in particular insurer) or by the enterprise are carried.

Risks laminate:

Risks are shifted by traditional insurance programs by the purchase by insurance protection on an insurer. In particular the security of existence-threatening risks is important. With middle risks helps cost use a view with the organization of the insurance program. In detail one differentiates the following insurance sections with respect to the framework from risk financing programs (partly based on the regulations of the VAG):

• Seeming vehicle all risks insurance on vehicles
• Aircraft all risks insurance on vehicles
• Sea, lake and riverboat trip all risks insurance on vehicles
• Merchandize
• Fire and elementary indemnity insurance
• Hail, frost and other damages to property
• Aircraft liability insurance, sea, lake and river shipping liability
• General liability
• Credit insurance
• Bail insurance
• Legal protection
• Interruption insurance
• (Accident insurance, health insurance)

Beside traditional insurance solutions lately concepts from the range “of the Risktransfer” (kind solutions) and/or “alternative risk financing” (ARF) gain alternative ever more significance.

Risks carry

Into exceptions (for example with multinational enterprises or with the public institutions) based on the law of the sizes if an internal compensation of risks reaches numbers, then self stretchers of risks an alternative to traditional insurance programs can be also. An appropriate Rücklagenbildung leads to smaller fluctuations relating to the balance. Many risks must be carried, because they are not insurable (for example disaster risk, business risk). The external self-insurance can be made by Captive Insurance Companies, pension funds or the local damage compensations.

Only the risks to be recognized, can be evaluated…

A condition and starting point for an efficient Risk management process is as complete an risk identification as possible. The risk identification should take place process orientated and subdivide into different risk ranges (management, purchase, manufacturing, infrastructure ranges, marketing, quality management, fire protection, industrial safety, environmental protection, EDP, transport etc.).

The technology of the risk identification should be co-ordinated with the specific risk situation of the enterprise. In particular if possible all risks should be seized and be led fast to precise and usable results.

After the risk evaluation all risks should be arranged arranged according to their financial effects and the probability of entrance in a risk inventory and/or a Risk map.

Think the unthinkable…

To the risk identification it goes quantifying the recognized risks now during the risk evaluation around or at least qualitatively to weights. During the risk evaluation one avails oneself of different instruments and methods:

• Scenario technology
• VALUE RK Risk
• ABC analysis
• Scoring models
• Risk map
• Monitoring team
• Analyzes of sensitivity
• Fuzzy Mathematics
• PML and/or MPL analyzes

etc.

An overview and a description of the methods find you in the RiskNET glossary!

During the evaluation of a majority damage risk for example the MPL (maximum Possible Loss) becomes or the PML (Probable maximum Loss) determines. For an enterprise it is importantly too experienced with which probability an individual damage height is beyond that exceeded.

In practice the probability of damage entrance is weighted frequently also qualitatively after the categories “very small”, “small”, “means”, “highly” as well as “very highly”. In particular risks regarding market loss and/or image loss can be so better illustrated.

The risk evaluation is part of the risk analysis method, those based on statistic data, systems analyzes, fault tree analyzes or analysis of expiration of incident (see RiskNET glossary) the enterprise risks to quantify. Impacts the quantitative procedures to its borders, then one avails oneself of qualitative methods and/or statements.

All realizations of the risk analysis (risk identification and - evaluation) flow either into a risk inventory or into a RiskMap (see illustration above). In compressed and clear form the risks of an enterprise are illustrated, in order to give so to the decision makers an overview of the risk situation of the enterprise and in particular the economic meaning. In this connection the goal of economical optimal security is important, i.e. security may not be the original goal of an enterprise.

The operational Risk management contains the process of the systematic and current risk analysis of the enterprise and the business procedures. The goal can be attained economically optimal security and not the maximum.

First of all the risks of an enterprise must be recognized and analyzed. The provision of information is simultaneous the most difficult phase in the RM process and a key function of the RM. A systematic, process orientated approach is necessary.

During the collection of the risks help among other things inspections, interviews, organization charts, balances, check lists and damage statistics. RiskNet has for the risk analysis and - evaluation a special method develops, with which the individual risk fields and subprocesses are analyzed.

If the risks are recognized, then a quantification takes place regarding expectancy value in the next phase of the risk evaluation. The expectancy value determines itself from the multiplication of the probability of entrance with the damage extent. During the evaluation one avails oneself of various analysis methods, like for example:

• Fault tree analyzes
• Analyzes of expiration of incident
• Scenario technology
• VALUE RK Risk
• ABC analysis
• Scoring models
• Risk map
• Monitoring team
• Analyzes of sensitivity
• PML and/or MPL analyzes

If a quantification is not possible (for example with image loss), then the risk is qualitatively evaluated (existence-threatening, serious, means, small, insignificantly).

A goal of the risk identification and - evaluation (risk analysis) is the production of a risk inventory and/or a RiskMap. A risk inventory contains a listing and a classification of all risks, detailed data concerning probabilities of damage entrance as well as potential financial effects.

After the risk analysis the evaluated risks must be compared with the given safety goals (see risk politics). The phase of the risk price increase and - control aims off to positively change the risk situation of the enterprise. Risks can be avoided, by economic activities given up and/or to be changed (e.g. development of new technologies).

Risks can be limited by risk over rolling and Risikostreuung. The adhesion can be limited by general trading conditions; risks can be reduced by separating of enterprise functions (outsourcing) and leasing. Via regional, subject-related and personal dispersion a compensation of risks can take place with from each other independent risks. If production plants are spatially separated, then the total risk is reduced.

By organizational (bspw. Emergency planning) and technical (bspw. ) Can risks took someone’s measurements for fire sprinkler be decreased. In particular the operational fire protection plays here a substantial role, since fires rank among the most frequent causes of damage.

The phase of the risk price increase and - furthermore control covers the risk financing. Which risks can be externalisiert for example by insurance solutions or alternative risk transfer?

It is important that it concerns with the Risk management process an automatic control loop. The results of the operational RM flow into the goals of the strategic RM.

Risk management is more than the view into the rear view mirror

risk management was always already implicitly a component of the enterprise control. Frequently however only then one reacted if the enterprise were already in stormy lake or in acute distress. In the industry and in the trade it went primarily around the fulfillment from laws (something regulations concerning fire or industrial safety) or editions of the insurers (about VdS, HPR).

Risk is based a Konstrukt and on risk perception. Which for the risk is, needs to be for other still for a long time keins.

Risk management is more than the view in the log!

Due to itself in the past years the changed basic conditions for enterprises an per-active, systematic and getistic risk management is however a condition, in order to recognize and circumnavigate the cliffs in stormy lake in time. Increasingly globalized a competition on deregulierten markets, an increasing complexity as well as rapid developments within the range of the information technology (IT) cumulate to chances, in addition, risks for the enterprises. An increasing complexity of the enterprise processes and new decentralized firm’s structures as well as shorter response times, led to a new risk situation of the enterprises. The moreover enterprises are exposed to intensified rising costs. By “business intuition” and reactive control systems it might become ever more difficult to seize and analyze the complexity of the processes and risks.

Only that, which has the risks in the view, recognizes the chance-rich route!

An efficient risk management process functions similarly to the human organism or other network architecture in nature. In a perfect network co-operate brain, heart and nervous system. Networks are flexible and flexible, have common goals, will interaction and avoid hierarchies. Transferred to risk management this means that different sensors and sense (eye, ear, nerves etc.) take up the risks and to a central place passes it on (brain). And altogether the strategic adjustment of the system (enterprise) decides on the risk understanding.

The strategic risk management forms the integrative clip and the foundation for entire risk management of the process. At the strategic risk management particularly around the formulation of risk management goals in form of one ‚to risk politics’ as well as the bases of the organization of the risk management is. The selection of the risk management goals takes place here on the basis of different chance/risk conditions. A declaration of intent on the part of management, communicated obligatorily, is mandatory with the structure of a risk management.

The primary goals of the risk management are:

• Lasting increase of the enterprise value
• Protection of the company targets (achievement-economical, financial goals etc.)
• Protection of the future success of the enterprise
• Optimization of the risk costs
• Social goals from the social responsibility of the enterprise

One misses or several of these goals, then an enterprise is endangered in the existence. Without the support of management the installation of a functioning risk management will not be possible. Therefore the management and/or the executive committee is the highest instance during the definition the risk management of goals. In the context strategic risk management takes place the organizational imbedding in an enterprise as well as communication of the risk-political decisions of general principle. The risk management organization defines the structure-organizational framework. For the practical conversion to the operational processes it is important that risk management is lived and part of the organisational culture becomes.